.NET identity-based security (aka .NET Role Based Security) is a flexible and extensible infrastructure to implement Windows or custom security in your application. The use of roles abstracts access checks from specific user names, providing you the flexibility to code against roles. Only at deployment time will the application administrator replace domain or custom users from roles as people come and go or change job position.
Sometimes, however, hard coding the roles into the application doesn't provide enough flexibility. In this case, you need an additional level of indirection; that is, switching to operation-based access checks. This will be the main subject of the second article in this series.